CVE-2016-5416

Name	CVE-2016-5416
Description	389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
Debian Bugs	834233

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
389-ds-base (PTS)	buster	1.4.0.21-1	vulnerable
	bullseye	1.4.4.11-2	vulnerable
	bookworm, sid	2.3.1+dfsg1-1	vulnerable

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
389-ds-base	source	(unstable)	(unfixed)	unimportant		834233

Notes

https://fedorahosted.org/389/ticket/48852
https://github.com/389ds/389-ds-base/issues/1912
Potentially related: https://fedorahosted.org/389/ticket/48354
Marginal impact, upstream not planning to change